Vendor: Adaptive Security Appliance Software
By: zerosum0x0, jennamagius, aleph___naught
CVSS: 10.0 (CRITICAL)
Remote Code Execution
CWE: 119
Product Name: Adaptive Security Appliance Software
Affected Version From: 9.7.1
Affected Version To: 9.7.1
Patch Exists: YES
Related CWE: CVE-2018-0101
CPE: a:cisco:adaptive_security_appliance_software
Other Scripts: N/A
Platforms Tested: Linux
2018

Cisco ASA CVE-2018-0101 Crash PoC

This PoC exploits a vulnerability in Cisco ASA devices that allows an attacker to crash the device by sending a specially crafted XML packet. The vulnerability is a buffer overflow in the webvpn code and affects Cisco ASA devices running versions 9.7.1 and earlier. The packet the PoC sends contains a specially crafted 'host-scan-reply' element, which triggers the overflow and crashes the device.

Mitigation:

Upgrade to Cisco ASA version 9.7.2 or later.

Exploit-DB raw data: